Many entrepreneurs do not know how data protection works in practice. This applies to self-employed persons and freelancers as well as to people in small to medium-sized businesses.
Paragraph 9 of the Federal Data Protection Act (BDSG) contains eight so-called technical and organizational measures to be taken to ensure data protection:
- Physical access control
- System access control
- Data access control
- Transfer control
- Input control
- Job control
- Availability control
- Data separation control
As an additional aspect of data protection, all these controls serve the overall objective of data security. The conceptual proximity of the terms physical access, system access and data access control alone calls for a precise view and care in everyday use. It is therefore appropriate to look at these three more closely.
Physical access control - "Who has to stay outside the door?"
In data protection, physical access control means taking measures to prevent unauthorized persons from gaining physical access to data processing systems. In the broadest sense, this includes computers of all kinds - servers, PCs, notebooks, smartphones, copiers, scanners and other devices that are suitable for processing personal data.
Unauthorized persons are all those who, given the tasks assigned to them, have no need to be near the corresponding equipment. The aim is to exclude the possibility of unauthorized knowledge or influence from the outset.
The protection measures are to increase as the sensitivity of the data increases. Measures of physical access control are:
- Reception with identity checks as well as the wearing of company / visitor badges
- Locked doors
- Alarm system with volumetric and tilt sensors
- Video surveillance and security
- Key and chip card control as well as biometric entry systems
- Burglar-resistant windows
System access control - "Use of the system only for authorized persons!"
While physical access control prevents physical access, system access control prevents unauthorized use of data processing equipment.
Under no circumstances should companies neglect their exposure to the outside via data connections (Internet) - an important gateway for cybercriminals and data thieves.
Unauthorized access to personal data can be prevented by the following measures, individually or in combination:
- Screen saver with password protection
- Password policy
- Magnetic stripe and chip cards
- Username and password
- PIN method
- Use of spam filter and virus scanner
- Biometric methods
Data access control - "Your, my and our data!"
Data access control ensures that only authorized persons have access to personal data, programs, and documents.
The respective authorization follows from the tasks assigned and the organization of the company. What many do not know: The supervisor of an authorized employee does not automatically have access authorization.
Unauthorized reading, copying, modification or deletion of personal data during their processing, use or storage should be expressly prevented. On the basis of an authorization concept, an access matrix is used to document which employee has access to which data and programs. When using mobile data carriers and end devices (USB stick, notebook, camera, etc.), special attention must be paid to data access control. In addition, the use of an appropriate encryption method should guarantee data security.
Measures of data access control are:
- Create an authorization concept
- Set up administrator rights
- Encryption of data carriers
- Regulations for the use of mobile data carriers and terminals
- Encryption of the WLAN
- Erasure of re-writable data carriers and their destruction
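The access matrix described above can be kept as data and checked against the rights actually configured on the systems. The following is an added example, not part of the original text; all employee names, tasks, resources and the helper functions are constructed for illustration.

```python
# Constructed sample data: which rights each task needs, and who has which task.
TASK_NEEDS = {
    "payroll": {("salary_db", "read"), ("salary_db", "write")},
    "recruiting": {("applicant_files", "read")},
}
ASSIGNED_TASKS = {
    "alice": {"payroll"},
    "bob": {"recruiting"},
    "carol": set(),  # supervisor of alice and bob, no data task of her own
}
# Constructed export of the rights actually configured on the systems.
ACTUAL_GRANTS = {
    "alice": {("salary_db", "read")},
    "bob": {("applicant_files", "read"), ("salary_db", "read")},
    "carol": {("salary_db", "read")},
}


def build_matrix(assigned, task_needs):
    """Access matrix: employee -> (resource, operation) pairs, derived from tasks only.
    Reporting lines are not an input, so a supervisor inherits nothing."""
    return {emp: set().union(*(task_needs[t] for t in tasks))
            for emp, tasks in assigned.items()}


def is_allowed(matrix, employee, resource, operation):
    """Default deny: unknown employees and unlisted pairs get no access."""
    return (resource, operation) in matrix.get(employee, set())


def audit(matrix, actual_grants):
    """Compare configured rights with the documented matrix.
    Returns (excess, missing) as sorted lists of (employee, resource, operation)."""
    excess, missing = [], []
    for emp in sorted(set(matrix) | set(actual_grants)):
        documented = matrix.get(emp, set())
        actual = actual_grants.get(emp, set())
        excess += [(emp, *g) for g in sorted(actual - documented)]
        missing += [(emp, *g) for g in sorted(documented - actual)]
    return excess, missing


MATRIX = build_matrix(ASSIGNED_TASKS, TASK_NEEDS)

if __name__ == "__main__":
    excess, missing = audit(MATRIX, ACTUAL_GRANTS)
    print("rights to revoke:", excess)
    print("rights not yet granted:", missing)
```
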
Physical access, system access and data access control are seamlessly linked to each other. In individual cases, therefore, each company must examine which of the individual measures is appropriate and feasible.
Not just because the terms are so close to each other: avoiding costly misunderstandings in data security takes care and expertise. External data protection officers provide expert support and secure handling of the technical and organizational measures as well as all other data protection-specific topics. Professionally managed data protection and data security go hand in hand - to protect against penalties and above all to protect your own company.